TrickBot comes back and expands its target field
TrickBot is a banking Trojan that was first spotted in September 2016. The authors of the malware were inspired by the success of the Dyre Trojan and created an unofficial copy of it. Although the Trojan had not been actively spreading since last autumn, in June 2017 it was noticed attacking payment processors and CRMs.
Analysis revealed that this banking Trojan employs encryption techniques and hijack strategies similar to those of Dyre (alternatively known as Dyreza). The malware can bypass some security applications and infiltrates the system when users click on a malicious link or download a fake program.
After the invasion, TrickBot injects its malicious scripts and code into banking websites. In other words, the cyber threat switches the original version of the site with its malignant substitute. In order to enforce this technique, C encryption language is used. In this regard, the newly detected TrickBot malware also uses the improved version of the algorithm – C++.
What is more, the technique is supplemented with the Microsoft CryptoAPI algorithm, unlike AES and SHA256, previously employed by Dyre. Unlike the previous version of the virus, Trojan.TrickBot executes COM and TaskScheduler commands to keep the computer under its control.
The first campaigns targeted Australian banks only. However, in April 2017 the Trojan was spotted attacking banks in the United States, Canada, the United Kingdom, Ireland, Germany, France, Switzerland and New Zealand.
Although the Trojan mostly targets banks, other users might encounter it as well. In case of an attack, you need to run a full system scan with a reputable malware removal program, such as Reimage. It will help to remove TrickBot from the system entirely.
The new wave of TrickBot virus
In June 2017, security researchers noticed new spam campaigns distributing TrickBot malware again. The malware's authors applied the same strategy as the Jaff ransomware.
Cybercriminals use social engineering techniques to trick users into opening a malicious email attachment. The emails include an obfuscated PDF file that opens a Word document. This document asks the user to enable macros in order to see the content. Clicking the “Enable Macros” button executes the Trojan on the system.
The malware continues attacking financial institutions. New victims of TrickBot were banks in India, Singapore, the Netherlands, and Bulgaria.
However, financial institutions are not the only ones who might suffer from the Trojan. Now it also targets two Customer Relationship Manager (CRM) SaaS providers and PayPal users.
In May, security researchers discovered two malware distribution campaigns that targeted 210 URLs and 251 URLs.
Distribution methods of the Trojan
Phishing emails are the main distribution strategy used to spread TrickBot. These emails might include an obfuscated PDF document that might be named “invoice,” “statement” or similar. Thus, those who work in the financial sector should be careful when opening such documents sent from unknown senders.
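The delivery chain described in this section and in the previous one (an obfuscated PDF that carries a macro-enabled Word document) can be checked statically before anyone opens the attachment. The Python below is an added example, not code from the original article or from any security product; the function names and the sample bytes are constructed for illustration, and it assumes the embedded file is stored raw or FlateDecode-compressed.

```python
import io, re, zipfile, zlib

ACTIONS = (b"/OpenAction", b"/JavaScript", b"/JS", b"/Launch")
STREAM = re.compile(rb"stream\r?\n(.*?)\nendstream", re.S)

def decode_names(raw):
    # PDF names can hide letters as #xx hex escapes, e.g. /J#61vaScript.
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), raw)

def classify(payload):
    if payload.startswith(b"\xd0\xcf\x11\xe0"):
        return "ole-document"          # legacy Office container, may carry macros
    if payload.startswith(b"PK\x03\x04"):
        try:
            names = zipfile.ZipFile(io.BytesIO(payload)).namelist()
        except zipfile.BadZipFile:
            return "zip-unreadable"
        macro = any(n.endswith("vbaProject.bin") for n in names)
        return "ooxml-with-macros" if macro else "zip"
    return None

def triage_pdf(raw):
    decoded = decode_names(raw)        # names are matched after de-obfuscation
    actions = sorted(a.decode() for a in ACTIONS if a in decoded)
    embedded = []
    for m in STREAM.finditer(raw):     # stream bytes come from the untouched file
        body = m.group(1)
        try:
            body = zlib.decompressobj().decompress(body)  # FlateDecode streams
        except zlib.error:
            pass                       # not zlib data: inspect the bytes as stored
        if (kind := classify(body)):
            embedded.append(kind)
    office = any(k in ("ole-document", "ooxml-with-macros") for k in embedded)
    return {"actions": actions, "embedded": embedded, "suspicious": office and bool(actions)}

def build_sample():
    # Constructed input: a minimal PDF-like byte string, not a real malware sample.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/vbaProject.bin", b"\x00" * 16)
    stream = zlib.compress(buf.getvalue())
    return (b"%PDF-1.5\n1 0 obj\n<< /Type /Catalog /Open#41ction 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /S /J#61vaScript /JS (placeholder) >>\nendobj\n"
            b"3 0 obj\n<< /Type /Embedded#46ile /Filter /FlateDecode >>\nstream\n"
            + stream + b"\nendstream\nendobj\n%%EOF\n")
```

Running triage_pdf() on the bytes of a quarantined attachment returns the automatic actions found and the type of any embedded Office file; a result with "suspicious" set to True is a reason to keep the file away from users and hand it to an analyst.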
The malware also aims at PayPal users. Thus, if you receive an email from PayPal about suspicious activity in your account or reporting other problems, you should log in to their website directly instead of clicking the provided links or opening attached documents.
The crooks develop different techniques to access personal information. Thus, such emails are usually very convincing. Do not fall into their trap even if they ask you to review suspicious invoice documents or tax reports.
Furthermore, the Trojan can attach itself to a free application. So you should give it a second thought before installing even a new media player.
The latter often happens to be the carrier of more malicious cyber threats. By exercising additional caution, you will reduce the probability of a TrickBot hijack.
Guidelines for TrickBot removal
Automatic TrickBot removal is the most reliable way to delete the malware from the computer. A Trojan horse is a complex and serious cyber infection that might wrap itself in a misleading disguise and pass itself off as a legitimate file.
Trying to find and eliminate all malware-related files from the computer is a difficult and complicated task that might lead to irreparable damage to the system.
Lastly, we want to remind you that you have to remove TrickBot immediately, because this data-stealing Trojan might lead to money loss and other serious privacy-related issues.